Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our
Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Any recommendations made are for your computer problems only and should NOT be used on any other computer.

Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them: 1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.

If you get stuck or are unsure of something please ask for a further explanation, do not guess.

It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

MRU P2P PolicyIMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent | DNA

I'd like you to read the MRU policy for P2P Programs.Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

DDSDownload DDS.scr by sUBs from one of the following links & save it to your desktop.Link 1Link 2

Double-Click on dds.scr and a command window will appear. This is normal

ComboFixDownload ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):Link 1Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsA guide to do this can be found here

Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.ComboFix SHOULD NOT be used unless requested by a forum helper

Sorry I missed out this "Ares" P2P program to uninstall . Thanks for pointing it out.

I followed the steps mentioned in the above topic.

I ran the ComboFix.exe refering to the mentioned steps, in the midst of scanning process a prompt appeared saying "ComboFix found a rootkit and needs to restart your system". This window only gave me one option with "Ok" button and when I clicked on "Ok" my system got restarted.

After this I checked C:\ drive for ComboFix.txt but it doesnt seem to be created.

I dont know exactly what to do now, So I thought I should asked you to suggest how to proceed further as you mentioned do not guess anything.

The log got created this time. I am posting the log files (ComboFix and HijackThis log file) you mentioned in the earlier replies. I unfortunately unable to post you GMER log because now when I am running it (exactly following the steps you mentioned earlier) the GMER program is getting closed by prompting (The program encountered a problem). I tried to run it again the prompt again came up and then the dangerous blue screen appeared mentioning "The system was shutdown to prevent from damage". Please find the ComboFix and HijackThis log files below and help me to proceed further.

The log got created this time. I am posting the log files (ComboFix and HijackThis log file) you mentioned in the earlier replies. I unfortunately unable to post you GMER log because now when I am running it (exactly following the steps you mentioned earlier) the GMER program is getting closed by prompting (The program encountered a problem). I tried to run it again the prompt again came up and then the dangerous blue screen appeared mentioning "The system was shutdown to prevent from damage". Please find the ComboFix and HijackThis log files below and help me to proceed further.

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at "C:\ComboFix.txt"Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stallA word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.ComboFix SHOULD NOT be used unless requested by a forum helper

I would also like to see a list of files that ComboFix has quarantined so please do this:

I would also like to see a list of files quarantined by ComboFix, so please do this:Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Post the contents of that file in your next reply.

As for Gmer, try running it again but this time untick Devices along with the other boxes to untick.

To post in next reply:ComboFix logComboFix-quarantined-files logGmer log (if it ran)New HijackThis logUpdate on how the computer is running / problems

I created the CFscript.txt and ran ComboFix as per the mentioned steps. ComboFix Scan got completed but when the log file was about to be created I again got a blue screen and system got restarted.

I have the antivirus and scan program disabled before running the CFscripts with ConboFix from systray but the antivirus which I have on my system is a startup program. When the system got restarted antivirus immmediately caught some trojans in C:\Comfix\ folder and some from C:\Windows folder and repaired them. I also checked the ComboFix.txt was also did not got created.

Having antivirus disabled usually windows defender prompt on Trojan Alureon.gen!U , this doesnt seems to be appearing now. A bit slow system startup but that too negligible. Please let me know when I should enable my antivirus to make sure nothing else suspicious running on my system. Till now no suspiciuos activity reported even no system crash as it was happening earlier but just wanted to see how the system behave when antivirus is enabled.

Save any unsaved work. TFC Cleaner will close all open application windows

Double-click TFC.exe to run the program, your desktop will temporarily disappear

If prompted, click Yes to reboot

Note:Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

Kaspersky Online ScanRight click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run itGo to Kaspersky website and perform an online antivirus scan

Read through the requirements and privacy statement and click on Accept button

It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run

When the downloads have finished, click on Settings

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Please give me some time to submit the above requested logs. Online Kaspersky scan is taking time since it does a whole system scan. I need to spare some hours to complete the process and will post the logs ASAP.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.